Attack-Proof Collaborative Spectrum Sensing in Cognitive Radio Networks

Attack-Proof Collaborative Spectrum Sensing in Cognitive Radio Networks Wenkai Wang, Husheng Li, Yan (Lindsay) Sun, and Zhu Han Department of Electrical, Computer and Biomedical Engineering University of Rhode Island, Kingston, RI 0288 Department of Electrical Engineering and Computer Science University of Tennessee, Knoxville, TN 37996 Department of Electrical and Computer Engineering University of Houston, Houston, TX 77004 Abstract Collaborative sensing in cognitive radio networks can significantly improve the probability of detecting the transmission of primary users. In current collaborative sensing schemes, all collaborative secondary users are assumed to be honest. As a consequence, the system is vulnerable to attacks in which malicious secondary users report false detection results. In this paper, we investigate how to improve the security of collaborative sensing. Particularly, we develop a malicious user detection algorithm that calculates the suspicious level of secondary users based on their past reports. Then, we calculate trust values as well as consistency values that are used to eliminate the malicious users influence on the primary user detection results. Through simulations, we show that even a single malicious user can significantly degrade the performance of collaborative sensing. The proposed trust value indicator can effectively differentiate honest and malicious secondary users. The receiver operating characteristic (ROC) curves for the primary user detection demonstrate the improvement in the security of collaborative sensing. Keywords: Collaborative Sensing, Cognitive Radios, Security. I. INTRODUCTION Cognitive radio is a revolutionary paradigm providing high spectrum efficiency for wireless communications, in which transmission or reception parameters are dynamically changed to achieve efficient communication without introducing interference to traditionally licensed users (i.e. primary users). One major technical challenge is to detect the presence of the primary users transmission, or in other words, the spectrum holes. Popular detection techniques include matched filter, energy detection, cyclostationary detection and wavelet detection [], [2]. It is recently discovered that collaboration among multiple cognitive radios can significantly improve the performance of spectrum sensing. The collaborative spectrum sensing techniques can be classified into two categories. The first category involves multiple users exchanging information [3] [7], and the second category uses relay transmission [8], [9]. Most of the current schemes assume that secondary users always tell the truth. However, it is well known that wireless devices can be compromised and under the control of malicious parities. The malicious secondary user can send false This work is supported by NSF Award # 09046 and # 08335. information and mislead the spectrum sensing results to cause collision or inefficient spectrum usage. For example, some secondary users can always report the existence of the primary user such that they can occupy the spectrum themselves. To overcome these problems, in this paper, we develop a malicious user detection algorithm that calculates the suspicious level of secondary users and then utilizes the suspicious level to eliminate the malicious users influence on the primary user detection results. Simulations are conducted to compare the performance of the collaborative sensing scheme without security protection, the scheme using a straightforward existing defense method, and the proposed scheme under various scenarios. We show that even a single malicious user can significantly degrade the performance of collaborative sensing. The proposed detection scheme can effectively differentiate honest and malicious secondary users and greatly improve the security of collaborative spectrum sensing. For example, when there are 0 secondary users, with the primary user detection rate being, one malicious user can make the false alarm rate (P f ) increases to 59%. While an existing defense scheme can reduce P f to 6%, the proposed scheme reduces P f to 5%. Furthermore, when a good user suddenly turns bad, the proposed scheme can quickly reduce the trust value of this user. If this user only behaves badly for a few times, its trust value can recover after a large number of good behaviors. If the bad behavior is consistent, the trust value becomes almost impossible to recover. This paper is organized as follows. In Section II, the system model is given. The attack models and the proposed scheme are described in Section III, followed by simulation results in Section IV and conclusion in Section V. II. SYSTEM MODEL Suppose that there are N collaborative secondary users reporting their detected power of primary user transmission to a decision maker as shown in Figure. The objective is to detect whether the primary users are transmitting or not, based on the reports from the secondary users. For node n, its observation about the existence of the primary user at time slot t is denoted by X n (t). The collection of X n (t), i.e. all

2 Fig.. Primary user Decision Center Task : Malicious secondary user? Task 2: Primary user existing? Collaborative Spectrum Sensing observations in time slot t, is denoted by X(t). These nodes report their observations to a centralized decision maker whose decision is broadcast to all secondary nodes. When a secondary user is malicious, by changing its reporting values, this malicious user can significantly affect the decision and therefore degrade the performance of spectrum sensing. The following assumptions and notations are used throughout this paper: There is no more than one malicious node. We denote by T n the type of secondary node n which could be H (honest) or M (malicious). We denote the channel state by S(t) which takes value in {B, I} (B means that primary users exist and the channel is busy; I means that there are no primary users and the channel is idle); we assume that the channel states in different time slots are mutually independent and denote by q B (t) and q I (t) the a priori probabilities of states B and I, respectively; We also denote by p B and p I the observation probabilities under busy and idle states, respectively, i.e. p I (X j (t)) P (X j (t) S(t) I), () p B (X j (t)) P (X j (t) S(t) B). (2) III. SECURE COLLABORATIVE SENSING The performance of collaborative sensing can be severely damaged by malicious secondary users. To address this security vulnerability, we propose a defense scheme that contains two major components: () detection algorithm that determines suspicious level of secondary users; and (2) decision combining algorithm that considers the trustworthiness of secondary users. In this section, we describe the attack model, the detection algorithm, and the decision combining algorithm. A. Attack Model The behavior of an attacker (i.e. malicious secondary user) is described by the attack threshold (η), attack strength ( ), and attack probability (P a ). We consider two types of attacks. False Alarm (FA) Attack: With probability P a, the attacker selects collaborative sensing rounds in which it aims to cause false alarm. In a selected round, when the sensed power X n (t) is higher than η, the attacker reports X n (t); otherwise, it reports X n (t) +. False Alarm & Miss Detection (FAMD) Attack: With probability P a, when the sensed power X n (t) is higher than η, the attacker reports X n (t) ; otherwise, it reports X n (t) +. Note that the OR rule is commonly used in collaborative sensing because it has the best performance when there is no attackers. According to the OR rule, whenever one secondary user reports the existence of the primary user, the decision maker believes the existence of the primary user. With the FA attack, the malicious secondary user can easily cause high false alarm. When the malicious user is the only user who detects the primary user, it can also cause miss detection by not reporting the existence of the primary user. In the FAMD attack, the malicious user aims to cause both false alarm and miss detection. B. Suspicious Level Calculation In this section, we assume that there is one and only one malicious user. We define π n (t) P (T n M F t ) (3) as the suspicious level of node n at time t, where T n ( H or M) is the type of node and F t represents all observations from time slot to time slot t. By applying Bayesian criterion, we have P (T n M) π n (t) N j P (F t T j M)P (T j M). (4) Suppose that P (T n M) ρ for all nodes. Then, we have π n (t) It is easy to verify where P (X(τ) T n M, F τ ) τ τ N j,j n N j P (F t T j M). (5) P (X j (τ) T j H) P (X n (τ) F τ ) ρ n (τ), (6) τ ρ n (t) P (X n (t) F τ ) N j,j n P (X j (t) T j H), (7) which means the probability of reports at time slot t conditioned that node n is malicious. Note that the first equation is obtained by repeatedly applying the following equation P (X(t) T n M, F t )P (F t T n M). (8)

3 Recall that q B (t) and q I (t) are the priori probability of whether or not the primary user exists. Therefore, the honest user s report probability is given by P (X j (t) T j H) P (X j (t), S(t) B T j H) + P (X j (t), S(t) I T j H) p B (X j (t))q B (t) + p I (X j (t))q I (t). (9) Thus, the computation of π n (t) is given by t τ π n (t) ρ n(τ) N t j τ ρ j(τ). (0) C. Primary User Detection The suspicious level calculation provides a foundation for dealing with malicious secondary users. In this section, we demonstrate how to perform secure primary user detection. We first convert suspicious level π n (t) into trust value φ n (t) as φ n (t) π n (t). () Trust value alone is not sufficient for determining whether a certain user s report is reliable or not. In fact, we find that trust values become unstable when () there is no enough observation or (2) there is no malicious user. The first case is easy to understand. The reason for the second case is that the derivation in Section III-B assumes one and only one malicious user. When there is no attacker, the trust values of honest users become unstable. To solve this problem, we define consistency value of user n (i.e. ψ n (t)) as { t τ φ n(t) µ n (t) t, t < L t τt L+ φ (2) n(t) L, t L, ψ n (t) { t τ (φ n(t) µ n (t)) 2, t < L t τt L+ (φ n(t) µ n (t)) 2, t L, (3) where L is the size of the window in which the variation of recent trust values is compared with overall trust value variation. Procedure Primary user detection : receive reports from N secondary users. 2: calculate trust values and consistency values for all users. 3: for each user n do 4: if φ n(t) < threshold and ψ n(t) < threshold 2 then 5: the report from user n is removed 6: end if 7: end for 8: perform primary user detection algorithm based on the remaining reports. Next, the trust value φ n (t) and the consistency value ψ n (t) are used in the primary user detection algorithm, as shown in Procedure. The basic idea is to eliminate the reports from users who have consistent low trust values. In this procedure, threshold and threshold 2 can be chosen dynamically. For example, threshold can be set as the a fraction of average trust value of all N users, and threshold 2 can be a fraction of average consistency values of all N users. This procedure can be used together with most existing primary user detection algorithms. In this paper, we will use the hard decision combining algorithm in [3], [] to demonstrate the performance. IV. SIMULATION RESULTS The simulations are conducted in a simple network topology with N( 0) cognitive secondary users randomly located around the primary user. The minimum distance between the secondary users and the primary user is 000m and the maximum distance is 2000m. For the local spectrum sensing, the bandwidth-time product [3], [] is m 5. The transmission power of the primary user is 200mW. The noise level σ 2 is -0dBm. The signal-to-noise ratio(snr) of individual secondary user depends on its location and Rayleigh fading is assumed. The propagation loss factor is 3. In the attack models, the attack threshold η 0, the attack strength 0, and the attack probability P a is or 0.5. In the proposed scheme, the trust value threshold threshold 0.0, the consistency value threshold is threshold 2 0., and the window size for calculating consistency value is L 0. We compare three schemes. OR Rule: the primary user is detected when at least one secondary user s reporting values are above a certain threshold. K2 Rule: the primary user is detected when at least two secondary user s reporting value is above a certain threshold. This scheme, presented in [2], is a straightforward defense against one malicious user. Proposed Scheme: applying the OR rule after removing reports according to Procedure. Figure 2-5 show the ROC curves for primary user detection in 6 cases. Case is for OR rule with N honest users. Case 2 is for OR rule with N honest users. In Case 3-6, there are N honest users and malicious user. Case 3 is for OR rule. Case 4 is for K2 rule. Case 5 is for the proposed scheme with t 250, where t is the index of detection rounds. Case 6 is for the proposed scheme with t 500. When the attack strategy is the FA Attack, Figure 2 and Figure 3 show the ROC curves when the attack probability is and 0.5, respectively. The following observations are made. By comparing the ROC for case and case 3, we see that the performance of primary user detection degrades greatly even when there is only one malicious user. This demonstrates the vulnerability of collaborative sensing, which leads inefficient usage of available spectrum resource. The proposed scheme demonstrates significant performance gain over the scheme without defense (i.e. OR rule) and the straightforward defense scheme (i.e. K2 rule). For example, the following table shows the false alarm rate (P f ) for two given detection rate (P d ), when attack probability (P a ) is. When FA OR K2 Proposed Proposed P a Rule Rule (t 250) (t 500) P d 0.53 0.0 0.06 0.03 P d 5 0.62 0.8 0.07 0.04

4 5 5 No Attacker, N0, OR One Attacker, N0, OR One Attacker, N0, K2 0 0. 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 No Attacker, N0, OR One Attacker, N0, OR One Attacker, N0, K2 0 0.2 0.4 0.6 0.8 Fig. 2. ROC curves for different collaborative sensing schemes (P a 00%, False Alarm Attack) Fig. 4. ROC curves for different collaborative sensing schemes (P a 00%, False Alarm & Miss Detection Attack) 5 5 No Attacker, N0, OR One Attacker, N0, OR One Attacker, N0, K2 0 0. 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 No Attacker, N0, OR One Attacker, N0, OR One Attacker, N0, K2 0 0. 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 Fig. 3. ROC curves for different collaborative sensing schemes (P a 50%, False Alarm Attack) Fig. 5. ROC curves for different collaborative sensing schemes (P a 50%, False Alarm & Miss Detection Attack) When the attack probability is 0.5, the performance advantage is smaller but still large. When FA OR K2 Proposed Proposed P a 0.5 Rule Rule (t 250) (t 500) P d 0.27 0.06 0.04 0.03 P d 5 0.32 0. 0.07 0.05 In addition, as t increases, the performance of the proposed scheme gets close to the performance of case 2, which represents perfect detection of the malicious nodes. Figure 4 and Figure 5 shows the ROC performance when the malicious user adopts the FAMD attack. We observe that the FAMD attack is stronger than FA. In other words, the OR rule and K2 rule have worse performance when facing the FAMD attack. However, the performance of the proposed scheme is almost the same under both attacks. That is, the proposed scheme is highly effective under both attacks, and much better than the traditional OR rule and the simple defense K2 rule. The example false alarm rates are listed as follows. When FAMD OR K2 Proposed Proposed P a Rule Rule (t 250) (t 500) P d 0.59 0.6 0.07 0.05 P d 5 0.69 0.29 0.09 0.06 When FAMD OR K2 Proposed Proposed P a 0.5 Rule Rule (t 250) (t 500) P d 0.29 0.09 0.05 0.04 P d 5 0.34 0.4 0.07 0.05 Finally, trust values of honest users and malicious users are

5 Trust Value 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0. Malicious Node Honest Nodes 0 0 50 00 50 200 Detection Round Fig. 6. Dynamic trust value in proposed scheme (a user attacks during time [50, 90], P a.) 0.9 V. CONCLUSIONS To overcome the malicious behavior in collaborative sensing, in this paper, we propose a defense scheme that computes suspicious level, trust values and consistency values. These values are used to guide the decision combining, in which the reports from untrustworthy users are eliminated. In its current form, the proposed scheme can effectively defense against one malicious user. It can be extended to multiple malicious user case in the future. Through simulations, the ROC curves and trust value dynamics are studied for different attack models, attack probabilities and different collaborative sensing schemes. The proposed schemes demonstrate significant performance advantage. For example, when there are 0 secondary users, with the primary user detection rate equals to, one malicious user can make the false alarm rate (P f ) increases to 59%. While a simple defense scheme can reduce P f to 6%, the proposed scheme reduces P f to 5%. Furthermore, when a good user suddenly turns bad, the proposed scheme can quickly reduce the trust value of this user. If this user only behaves badly for a few times, its trust value can recover after a large number of good behaviors. If the bad behavior is consistent for sometime, the trust value is almost impossible to recover unless the malicious user behave well consistently for extremely long time. The suspiciousness indicator developed in this paper is novel and effectively captures misbehavior dynamically. Trust Value 0.8 0.7 0.6 0.5 Malicious Node Honest Nodes 0.4 0 00 200 300 400 500 Detection Round Fig. 7. Dynamic trust value in proposed scheme (a user attacks during time [50, 55], P a.) examined. The malicious user adopts the FAMD attack and dynamically adjusts the attack probability P a. In Figure 6, the malicious user changes the attack probability from 0 to at t 50 and from to 0 at time t 90. We can see that this user s trust value quickly drops when it turns from good to bad. However, its trust value does not recover after it turns good unless this user consistently behaves well for more than at least 5000 rounds (the recovery is not shown). In Figure 7, one user behaves badly in only 5 rounds starting at t 50. In this case, its trust value drops quickly and then recovers very slowly. This means that the proposed scheme allows slow recovery of trust value after a few bad behaviors, which may due to channel variation and unintentional errors. REFERENCES [] S. Haykin, Cognitive radio: brain-empowered wireless communications, IEEE Journal on Selected Areas in Communications, Volume 23, Issue 2, Page(s): 20-220, Feb. 2005. [2] D. Niyato, E. Hossain, and Z. Han, Dynamic Spectrum Access in Cognitive Radio Networks, in print, Cambridge University Press, UK, 2008. [3] A. Ghasemi and E. S. Sousa, Collaborative spectrum sensing for opportunistic access in fading environments, in Proceedings of : 2005 First IEEE International Symposium on New Frontiers in Dynamic Spectrum Access Networks, 2005. DySPAN, Nov. 2005. [4] K. B. Letaief and W. Zhang, Cooperative spectrum sensing, Cognitive Wireless Communication Networks, Springer, 2007. [5] C. Sun, W. Zhang, and K. B. Letaief, Cluster-based cooperative spectrum sensing in cognitive radio systems, in Proceedings of IEEE International Conference on Communications, Glasgow, Scottland, Jun. 2007. [6] R. Chen, J. M. Park, and K. Bian, Robust distributed spectrum sensing in cognitive radio networks, in Proceedings of IEEE Infocom 2008 mini-conference, Apr. 2008. [7] C. H. Lee and W. Wolf, Energy efficient techniques for cooperative spectrum sensing in cognitive radios, in Proceedings of IEEE Consumer Communications and Networking Conference, Jan. 2008. [8] G. Ghurumuruhan and Y. (G.) Li, Cooperative spectrum sensing in cognitive radio: Part I: two user networks, IEEE Transactions on Wireless Communications, vol.6, no.6, p.p. 2204-223, June 2007. [9] G. Ghurumuruhan and Y. (G.) Li, Cooperative spectrum sensing in cognitive radio: Part II: multiuser networks, IEEE Transactions on Wireless Communications, vol.6, no.6, p.p. 224-2222, June 2007. [0] R. A. Maronna, R. D. Martin and V. J. Yohai, Robust Statistics: Theory and Methods, John Wiley and Sons, 2006. [] A. Ghasemi and E. S. Sousa, Opportunistic spectrum access in fading channels through collaborative sensing, Journal of Communications (JCM), vol. 2, no. 2, pp. 7-82, March 2007. [2] S. M. Mishra, A. Sahai, and R. W. Broderson, Cooperative sensing among Cognitive Radios, in Proceedings of IEEE International Conference on Communications, June 2006.